The Biggest Hacker Busts Of 2012

No love for Lulz as cops crack down on cybercrooks

It's easy enough to focus on the major breaches of 2012 and feel a certain hopelessness. But this year was a banner one for busting black hat bad guys. Several major international operations reaped a harvest of hackers, from big-shot Russian gangsters to bored British teens. This was the year they locked up the world's biggest pirate in Sweden. And the gangly Anonymous guy who probably should have worn the mask but didn't. The thoughtful cybercriminal should be sure to consider some questions in the year ahead. Who can you trust? How long can you run? Is bragging really worth it? And, of course, when a hacker's girl displays her breasts, is she showing more than she knows?

Sabu's Lulzsec Pals: Ryan Ackroyd, Jake Davis, Darren Martyn, Jeremy Hammond, and Donncha O'Cearrbhail
Thanks, in large part, to the cooperation of hacker Hector Xavier Monsegur, better known as Sabu, who was arrested last year for his escapades as an Anonymous hacker, authorities in the U.S. and Europe arrested five of his compatriots in an international sting that shook up Lulzsec and Anonymous in both the U.S. and the U.K. The sweep caught up a disparate group of cybercriminals from O'Cerrbhail and his attacks against the Irish government, to Hammond, the self-proclaimed "anarchist-communist" who launched a devastating attack against Stratfor, to large-scale collaborative efforts targeting companies and nation states.

Sony's Revenge: Raynaldo Rivera
After the arrest last year of Rivera's Lulzsec partner in crime, Cody Kretsinger, it was only a matter of time before the law caught up with Rivera. He surrendered to the FBI following an indictment by a grand jury for hacking Sony Pictures using a proxy server to carry out a SQL injection attack in May 2011 that lead to the release of unencrypted passwords of more than 1 million Sony customers. In October Rivera pleaded guilty to the crime and will learn his sentencing in the spring. Originally up for 15 years in jail, he'll be recommended for a reduced sentence in exchange for his guilty plea.

The Hacker Formerly Known As ACK!3STX
Between January and March 2012, an unnamed 15-year-old boy burned the midnight oil in order to hack a remarkable 259 websites both in his home country of Austria and abroad, authorities said. Unlike financially or politically motivated attackers, the boy took a shotgun approach, breaching databases and defacing websites seemingly at random. His industriousness outran his thoroughness and Austrian police were able to take him into custody. His exact identity has been protected due to his age and the fact that Europol has launched a more detailed investigation.

The Higinio O.Ochoa Hacker "Bust"
Is exhibitionism a driving force behind hactivism? After hacking a number of U.S. law enforcement websites, a man calling himself W0rmer and professing an affiliate association with Anonymous posted a racy photo of his girlfriend wearing a sign taunting authorities in l337 speak. The FBI was able to take the image of the woman's scantily clad breasts, examine the (ahem) EXIF data of the photo, and follow GPS coordinates to Australia. From there, the trail lead back to 30-year-old Texas Linux admin Higinio Ochoa. The alleged CabinCr3w hacker was sentenced to 27 months in prison and ordered to pay $14,000 in restitution. No charges were pressed against the girlfriend, later identified as Kyle Gardner.

Pirate Bay Founder Arrg-rested: Gottfrid Svartholm
No stranger to legal dilemmas, Pirate Bay co-founder Gottfrid Svartholm found himself in even deeper waters this year. Swede Svartholm was convicted of a number of different copyright law violations in 2008, but left the country and has been threatened with jail time for failing to appear at hearings. The pressure on Svartholm increased when Swedish prosecutors announced this year that the fugitive is suspected to have participated in a hack against Logica, an IT company that works with the Swedish government. The allegations of "aggravated fraud" lead to Svartholm's arrest in his riverside apartment in Phnom Penh, Cambodia.

Published: 2015-03-31The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.